name: Static Code Analysis

concurrency:
    group: static-code-analysis-${{ github.head_ref }}
    cancel-in-progress: true

on:
    push:
        branches:
            - master
    workflow_dispatch:

jobs:
    # CodeQl Code Analysis helps discover security vulnerabilities in your code.
    # Official website: https://codeql.github.com/
    # See the results here: https://github.com/AntiMicroX/antimicrox/security/code-scanning

    codeql-analysis:
        name: CodeQl Code Analysis
        runs-on: ubuntu-latest
        permissions:
            actions: read
            contents: read
            security-events: write

        steps:
            - name: Clone Repository
              uses: actions/checkout@v4

            # Initialize CodeQl with language parameters
            - name: Initialize CodeQL
              uses: github/codeql-action/init@v3
              with:
                  languages: "cpp"

            # Project must be built before codeql can run its analysis
            - name: Install Dependencies
              run: sudo apt-get update && sudo apt-get install extra-cmake-modules qttools5-dev qttools5-dev-tools libsdl2-dev libxi-dev libxtst-dev libx11-dev itstool gettext ninja-build

            - name: Configure CMake
              run: cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -B ${{ github.workspace }}/build

            - name: Build AntiMicroX
              run: cmake --build ${{ github.workspace }}/build

            # Run codeql analysis
            - name: Run CodeQL
              uses: github/codeql-action/analyze@v3

    infer-analysis:
        # Infer is a static analysis tool, it produces a list of potential bugs.
        # https://fbinfer.com/
        # How to see the results?
        # 1. Goto Static Code Analysis GitHub Actions: https://github.com/AntiMicroX/antimicrox/actions/workflows/static-code-analysis.yml
        # 2. Click on the relevent workflow run (runs on push, pull_requestand manually using workflow_dispatch)
        # 3. Here you can see the artifact named "report", Download it to see the details.
        # 4. Or you can click on the "Infer Code Analysis" and check the "Run Infer" step.

        name: Infer Code Analysis
        runs-on: ubuntu-latest

        steps:
            - name: Clone Repository
              uses: actions/checkout@v4

            # Download Infer and install at workflow run to ensure latest version
            - name: Install Dependencies
              run: |
                  sudo apt-get update && sudo apt-get install extra-cmake-modules qttools5-dev qttools5-dev-tools libsdl2-dev libxi-dev libxtst-dev libx11-dev itstool gettext ninja-build
                  curl -sSL "https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz" | sudo tar -C /opt -xJ && sudo ln -s "/opt/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer

            # Project must be built before infer can run its analysis, must export the compile_commands.json file
            - name: Configure CMake
              run: cmake -GNinja -DCMAKE_BUILD_TYPE=Debug -DCMAKE_EXPORT_COMPILE_COMMANDS=1 -B ${{ github.workspace }}/build

            - name: Build AntiMicroX
              run: cmake --build ${{ github.workspace }}/build

            # Run infer analysis using the compilation database
            - name: Run Infer
              run: infer run --compilation-database build/compile_commands.json

            # Upload result to build artifacts
            - name: Upload Results
              uses: actions/upload-artifact@v4
              with:
                  name: report
                  path: infer-out/report.txt